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Based on FBI investigations and other information, the NIPC has observed that there has recently been 
an increase in hacker activity specifically targeting U.S. systems associated with e-commerce and other 
Internet-hosted sites. The majority of the intrusions have occurred on Microsoft Windows NT systems, 
although Unix based operating systems have been victimized as well. The hackers are exploiting at least 
three known system vulnerabilities to gain unauthorized access and download propriety information. 
Although these vulnerabilities are not new, this recent activity warrants additional attention by system 
administrators. In most cases, the hacker activity had been ongoing for several months before the victim 
became aware of the intrusion. The NIPC strongly recommends that all computer network systems 
administrators check relevant systems and apply updated patches as necessary. Specific emphasis 
should be placed on systems related to e-commerce or e-banking/financial business. The following types 
of exploits have been observed: 

Unauthorized Access to IIS Servers through Open Database Connectivity (ODBC) Data Access 
with Remote Data Service (RDS): 

Systems Affected: Windows NT running IIS with RDS enabled. 

Details: Microsoft Security Bulletin MS99-025, NIPC CyberNotes 99-22 

http://www.microsoft.com/technet/security/bulletin/ms99-025.asp, 
or http://www.nipc.gov/warnings/advisories/1999/99-027.htm 
http://www.nipc.gov/cybernotes/cybernotes.htm 

Summary: This vulnerability allows a malicious remote user to use a web browser to force a Windows NT 
server to return information from Structured Query Language (SQL) databases or to run system 
commands. 

SQL Query Abuse Vulnerability 

Affected Software Versions: Microsoft SQL Server Version 7.0 and Microsoft Data Engine(MSDE)1.0 
Details: Microsoft Security Bulletin MS00-14, NIPC CyberNotes 20-05 

http://www.nipc.gov/cybernotes/cybernotes.htm 

http://www.microsoft.com/technet/security/bulletin/ms00-014.asp 

Summary: This vulnerability could allow the remote author of a malicious SQL query to take unauthorized 
actions on a SQL Server or MSDE database. 

Registry Permissions Vulnerability 

Systems Affected: Windows NT 4.0 Workstation, Windows NT 4.0 Server 
Details: Microsoft Security Bulletin MS00-008, NIPC CyberNotes 20-08 and 20-22 

http://www.microsoft.com/technet/security/bulletin/ms00-008.asp 

http://www.nipc.gov/cybernotes/cybernotes.htm 

Summary: Users can modify certain registry keys such that: 

• a malicious user could specify code to launch a systems crash 


• a malicious user could specify code to launch at next login 

• an unprivileged user could disable security measures 

The NIPC is conducting further analysis of this hacker activity and will provide additional information as it 
becomes available. 

Please report any illegal or malicious activities to your local FBI office or the NIPC, and to your 
military or civilian computer incident response group, as appropriate. Incidents may be reported 
online at http://www.nipc.gov/incident/cirr.htm. 


